Andy Malone

The Cloud: One small step for man. One giant leap for IT

Microsoft MVP (Enterprise Security)

Microsoft Certified Trainer (18 years)

Founder: Cybercrime Security Forum!

International Event Speaker

Winner: Microsoft Speaker Idol 2006

Andy Malone(United Kingdom)

Follow me on Twitter @AndyMalone

Agenda

The futureThe

Snowden Effect

Privacy & Surveillance

Security & Identity

What drives the cloud

Revolution or Evolution

The Journey from Revolution to Evolution

The Industrial Revolution

1760 - 1840

The Internet Revolution

1980 - 2005

The Industrial Internet

2005 - Present

The Mainframe Era

The Home Computer Revolution

The PC Dream

The Internet Age

The Mobile Era

The Cloud Era

Revolution or Evolution

The Personal Computer Revolution

Storage Driven Revolution

Punched Tape

Magnetic Tape

Floppy Disk

Compact Disk &

Variants

Hard Drive

HDD & Variants

USB Portable Storage

Cloud Storage

The Explosion of Data• Challenges• Anytime, anywhere, any

device connectivity• Explosion of data in all areas• Discover, search, and analyze

information in near real-time

• Responses

• Massive build-out of data centers

• Innovations in technologies• From infrastructure-focused to

user-centric deployment • New business models

Doubling every

2 years

What drives the cloud?

Consumerism High Speed Connections

Elastic Data Storage

Data center Reliability

99.9% SLASimple

ManagementSafe & Secure

The magic of Smart Innovation

The magic of software

Cisco Confidential

Execution Platforms at Scale

(Developers)

Infrastructure at Scale

(System Administrators)

Cloud Service Delivery at Scale (Public / Private Cloud Providers)

Applications at Scale

(End users)

Cloud Solutions

SaaS (Software as a Service (End users)

PaaS (Platform as a Service) Developers

IaaS (Infrastructure as a Service (Administrators

Enabling Technology (Cloud Service Delivery at Scale(Public / Private Cloud Providers)

Cloud Deployment Models

Public Cloud

Private Cloud

Hybrid Cloud

Virtual Private Cloud

Personal Cloud

Hybrid IT

• Hybrid Support & the Commons• First-party Applications• Total Cost of Ownership

Private • Hybrid Support & the Commons • First-party Applications• Higher-level Services

PublicMicrosoft Solutions

• Firstly many vendors are moving to cloud hosted software

• As such…– Smaller entities expected to migrate

fully to the cloud (e.g. Office 365)

– Medium entities will typically look at a cloud or Hybrid solutions

– Larger entities may typically use Private or Hybrid solutions

In the Cloud World: Size Matters

• Separate credential from on-premises credential

• Authentication occurs via cloud directory service

• Password policy is stored in Office 365

• Does not require on-premises server deployment

• Same credential as on-premises credential

• Authentication occurs via on-premises directory service

• Password policy is stored on-premises

• Requires on-premises DirSync server

• Solutions include Dirsync & Password Sync

• Or Dirsync & On-premises ADFS server

Single Sign On!

Identity & the Microsoft Cloud

What is Windows Azure Active Directory?

• Customized Version of ADLDS / ADAM

• Every Office 365 Customer is an Azure AD Tennant

• Designed primarily to meet the needs of cloud applications

• Extends Customers Active Directory into the cloud

• Think of it as a Fish on a Hook!

• Identity as a service: essential part of Platform as a Service

Relationship to Windows Server AD

• On-premises and cloud Active Directory managed as one

• Directory information synchronized to cloud, made available to cloud apps via roles-based access control

• Federated authentication enables single sign on to cloud applications

Why is WAAD So important

While enterprises work to consolidate identity system on-premises, cloud apps are fragmenting identity… again

Knowing where your data is stored

10 – 100 Datacenters (DCs) worldwide

Multiple Content Delivery Network (CDN) “edge nodes” around the world

Datacenter network conn

Know where your Data is Stored

Microsoft Cloud PrinciplesOr the Gotcha’s you need to understand!

Microsoft Cloud compliance

Data Processing Agreement

EU Model Clauses

ISO27001

US Health Insurance Portability and Accountability Act

EU Safe Harbor

Service Level Agreements (SLAs)

• Contract between customers and service providers of the level of service to be provided

• Contains performance metrics (e.g., uptime, throughput, response time)

• Problem management details• Documented security

capabilities• Contains penalties for non-

performance

Choices to keep Office 365 Customer Data separate from consumer services.

Office 365 Customer Data belongs to the customer.

Customers can export their data at any time.

The Microsoft strategy for privacy is to set a “high bar” around privacy practices that support global standards for data handling and transfer

Privacy in Office 365 & Windows Azure

No Mingling

Data Portability

No advertising products out of Customer Data.

No scanning of email or documents to build analytics or mine data.

No Advertising

Cisco Confidential

...Everything is Cloud

Comparison to the Consumer Cloud

• Facebook, Google, Skype, Twitter, LinkedIn etc are all US BASED Companies. Who have access to your data?

• Social-networking sites allow seemingly trivial gossip to be distributed to a worldwide audience, sometimes making people the butt of rumours shared by millions of users across the Internet

• Public sharing of private lives has led to a rethinking of our current conceptions of privacy

The Consumer CloudThe Privacy Dilemma

Facebook Privacy…Confusing!

The Consumer / Public Cloud Privacy Dilemma

Linked In

Additionally, you grant LinkedIn a nonexclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sublicenseable, fully paid up and royalty-free right to us to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, process, analyze, use and commercialize, in any way now known or in the future discovered, any information you provide, directly or indirectly to LinkedIn, including but not limited to any user generated content, ideas, concepts, techniques or data to the services, you submit to LinkedIn, without any further consent, notice and/or compensation to you or to any third parties. Any information you submit to us is at your own risk of loss.

Facebook

“You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion

thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b)

to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the FacebookService or the promotion thereof. You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.”

Government Surveillance

Edward Snowden

• Revealed classified NSA details of a global surveillance apparatus run by the NSA and its Five Eyes partners, and numerous commercial and international partners

• Release was called the most significant leak in US history

Room 641A

Boundless Informant

• Powerful data mining tool for recording and analysing of intelligence

• Uses Big Data capture technology & provides near real time business intelligence to tactical & strategic decision makers

• Looks for visible trends, Deep metadata extraction

• Raw blob data analytics & back end processing (MapReduce, HDFS, Cloudbase)

The Technology behind Boundless Informant

• CloudBase is an open source data warehouse system for upto Pb scale analytics

• Built on top of Map-Reduce architecture

• Analyses using ANSI SQL to directly query large-scale log files arising in web site, telecommunications or IT operations

• Allows you to query flat log files using ANSI SQL

• Visit CloudBase home page for details-http://cloudbase.sourceforge.net

The Technology behind Boundless Informant

• MapReduce is based upon Intel’s Predictive Analytics platform for the capture and analysis of Big blob data

• Combines Hardware & Apache Hadoop Software

• Many applications including commercial, military, energy management etc

Project PRSIM

A word about NSA Suite B Encryption

Current NSA / CIA Surveillance Programs • Aircap

• BlackPerl

• Boundless Informant

• Cineplex

• XKeyscore

• PRISM

• Creek

• Crossbones

• Cultwave

• Cultweave

• Cybertrans

• Dishfire

• Double Arrow

• Dragonfly

• Wealthy Cluster

• Hightide

• Skywriter

• Jolly Rodger

• Kingfish

• Liquid fire

• Messiah

• Night surf

• Normal Run

• Mailorder

• Pinwale

• Taperplay

• Tarotcard

• Twisted Path

• Yellowstone

“I have nothing to hide”

“For to be free is not merely to cast off one's

chains, but to live in a way that respects and

enhances the freedom of others”

Nelson Mandela

“If there is no right to privacy then there can be

no true freedom of expression and therefore

no true democracy”

Dilma Vana Rousseff

Is it right that the foundational Technologies of the Internet, Cryptographic

Algorithms, Domain names, IP Address backbone be dominated by the One

Nation? Perhaps Is it time for this infrastructure to be internationally managed

Independently of any one Country?

Finding the Correct Balance!

A Bill in Everyone’s Home

Announcing:Microsoft Bill V2.0…

Now Everyone Can Have One….

"The world as we have created it is a process of our thinking. It cannot be changed without changing our thinking."

“It’s not about the destination. It’s about the journey”

Join me for my other NIC sessions…

Migrating to Office

365

The new Office 365 for IT Pro's

Office 365 Security

Deep Dive

Thank you

Please evaluate the session before you leave